Sublime Core Feed | Sublime Security

Sublime Core Feed
Login to Sublime
Sublime Core FeedThis repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.
Sublime Security
Last updated Feb 9th, 2026
Feed Source
GitHub
Tactic or Technique is
Rule Name & Severity
Last Updated
Attachment: Fake lawyer & sports agent identities
Sublime Security
14d ago
Jan 26th, 2026
BEC/Fraud
Impersonation: VIP
Social engineering
Content analysis
Exif analysis
File analysis
Optical Character Recognition
BEC/Fraud
Impersonation: VIP
Social engineering
Content analysis
Exif analysis
File analysis
Optical Character Recognition
/feeds/core/detection-rules/attachment-fake-lawyer-and-sports-agent-identities-7d3a2478
Google share notification with suspicious comments
Sublime Security
28d ago
Jan 12th, 2026
Credential Phishing
Impersonation: VIP
Free file host
HTML analysis
Header analysis
Sender analysis
Content analysis
Credential Phishing
Impersonation: VIP
Free file host
HTML analysis
Header analysis
Sender analysis
Content analysis
/feeds/core/detection-rules/google-share-notification-with-suspicious-comments-c69c9924
Impersonation: Executive using numbered local part
Sublime Security
10d ago
Jan 30th, 2026
BEC/Fraud
Free email provider
Impersonation: VIP
Social engineering
Header analysis
Sender analysis
BEC/Fraud
Free email provider
Impersonation: VIP
Social engineering
Header analysis
Sender analysis
/feeds/core/detection-rules/impersonation-executive-using-numbered-local-part-8e005a22
Service Abuse: Box file sharing with credential phishing intent
Sublime Security
28d ago
Jan 12th, 2026
Credential Phishing
BEC/Fraud
Callback Phishing
Evasion
Social engineering
Impersonation: Employee
Impersonation: VIP
Content analysis
Natural Language Understanding
Sender analysis
Header analysis
Credential Phishing
BEC/Fraud
Callback Phishing
Evasion
Social engineering
Impersonation: Employee
Impersonation: VIP
Content analysis
Natural Language Understanding
Sender analysis
Header analysis
/feeds/core/detection-rules/service-abuse-box-file-sharing-with-credential-phishing-intent-5bd0cb25
Service abuse: Trello board invitation with VIP impersonation
Sublime Security
6d ago
Feb 3rd, 2026
Credential Phishing
Impersonation: VIP
Social engineering
Content analysis
Header analysis
HTML analysis
Sender analysis
Credential Phishing
Impersonation: VIP
Social engineering
Content analysis
Header analysis
HTML analysis
Sender analysis
/feeds/core/detection-rules/service-abuse-trello-board-invitation-with-vip-impersonation-fedfc94b
Suspicious attachment with unscannable Cloudflare link
Sublime Security
28d ago
Jan 12th, 2026
Credential Phishing
Evasion
PDF
Social engineering
Impersonation: Employee
Impersonation: VIP
File analysis
URL analysis
Sender analysis
Content analysis
Header analysis
Natural Language Understanding
Credential Phishing
Evasion
PDF
Social engineering
Impersonation: Employee
Impersonation: VIP
File analysis
URL analysis
Sender analysis
Content analysis
Header analysis
Natural Language Understanding
/feeds/core/detection-rules/suspicious-attachment-with-unscannable-cloudflare-link-00f92b6f
Suspicious request for financial information
Sublime Security
2mo ago
Dec 6th, 2025
BEC/Fraud
Free email provider
Impersonation: Employee
Impersonation: VIP
Social engineering
Content analysis
Header analysis
Sender analysis
BEC/Fraud
Free email provider
Impersonation: Employee
Impersonation: VIP
Social engineering
Content analysis
Header analysis
Sender analysis
/feeds/core/detection-rules/suspicious-request-for-financial-information-4ebdaa4d
VIP / Executive impersonation in subject (untrusted)
Sublime Security
5mo ago
Aug 14th, 2025
BEC/Fraud
Impersonation: VIP
Header analysis
Sender analysis
BEC/Fraud
Impersonation: VIP
Header analysis
Sender analysis
/feeds/core/detection-rules/vip-executive-impersonation-in-subject-untrusted-0a641fe5
VIP / Executive impersonation (strict match, untrusted)
Sublime Security
4mo ago
Sep 29th, 2025
BEC/Fraud
Impersonation: VIP
Header analysis
Sender analysis
BEC/Fraud
Impersonation: VIP
Header analysis
Sender analysis
/feeds/core/detection-rules/vip-executive-impersonation-strict-match-untrusted-e42c84b7
VIP impersonation: Fake thread with display name match, email mismatch
Sublime Security
28d ago
Jan 12th, 2026
BEC/Fraud
Evasion
Impersonation: VIP
Social engineering
Spoofing
Content analysis
Header analysis
Sender analysis
Whois
BEC/Fraud
Evasion
Impersonation: VIP
Social engineering
Spoofing
Content analysis
Header analysis
Sender analysis
Whois
/feeds/core/detection-rules/vip-impersonation-fake-thread-with-display-name-match-email-mismatch-11cc3e28
VIP impersonation with BEC language (near match, untrusted sender)
Sublime Security
28d ago
Jan 12th, 2026
BEC/Fraud
Impersonation: VIP
Social engineering
Content analysis
Natural Language Understanding
Sender analysis
BEC/Fraud
Impersonation: VIP
Social engineering
Content analysis
Natural Language Understanding
Sender analysis
/feeds/core/detection-rules/vip-impersonation-with-bec-language-near-match-untrusted-sender-303081da
VIP impersonation with charitable donation fraud
Sublime Security
2mo ago
Nov 12th, 2025
BEC/Fraud
Impersonation: Employee
Impersonation: VIP
Social engineering
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
BEC/Fraud
Impersonation: Employee
Impersonation: VIP
Social engineering
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
/feeds/core/detection-rules/vip-impersonation-with-charitable-donation-fraud-35a56b8e
VIP impersonation with invoicing request
Sublime Security
2y ago
Apr 23rd, 2024
BEC/Fraud
Impersonation: VIP
Content analysis
Header analysis
Natural Language Understanding
BEC/Fraud
Impersonation: VIP
Content analysis
Header analysis
Natural Language Understanding
/feeds/core/detection-rules/vip-impersonation-with-invoicing-request-a60f89a0
VIP impersonation with urgent request (strict match, untrusted sender)
Sublime Security
28d ago
Jan 12th, 2026
BEC/Fraud
Impersonation: VIP
Social engineering
Content analysis
Content analysis
Natural Language Understanding
Sender analysis
BEC/Fraud
Impersonation: VIP
Social engineering
Content analysis
Content analysis
Natural Language Understanding
Sender analysis
/feeds/core/detection-rules/vip-impersonation-with-urgent-request-strict-match-untrusted-sender-0dd1fa60
VIP impersonation with w2 request
Sublime Security
11d ago
Jan 29th, 2026
BEC/Fraud
Impersonation: VIP
Content analysis
Header analysis
Natural Language Understanding
BEC/Fraud
Impersonation: VIP
Content analysis
Header analysis
Natural Language Understanding
/feeds/core/detection-rules/vip-impersonation-with-w2-request-e7e73fad
VIP local_part impersonation from unsolicited sender
Sublime Security
6mo ago
Aug 12th, 2025
Impersonation: VIP
Spoofing
Header analysis
Sender analysis
Impersonation: VIP
Spoofing
Header analysis
Sender analysis
/feeds/core/detection-rules/vip-localpart-impersonation-from-unsolicited-sender-74035fdc
16 Rules